[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I'm have a problem w/userPasswords and binding

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: I'm have a problem w/userPasswords and binding
From: Rob Tanner <rtanner@linfield.edu>
Date: Fri, 08 Oct 2004 11:34:44 -0700
Cc: ando@sys-net.it, openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <6.1.2.0.0.20041008111150.02d1daf0@127.0.0.1>
References: <3E4FBEFF4C2C85EEA29B886F@oberon.linfield.edu> <40164.131.175.154.56.1097219971.squirrel@131.175.154.56> <B324B2C9251352E769950455@cheshire.cheshiresgrin.net> <41662.131.175.154.56.1097258411.squirrel@131.175.154.56> <6.1.2.0.0.20041008111150.02d1daf0@127.0.0.1>

Nope. I'm providing the original password, not the hash.

--On Friday, October 08, 2004 11:12:49 AM -0700 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
> I'd guess Rob is not providing the actual password to ldapsearch
> as required but instead providing the hash of the password.
>
> At 11:00 AM 10/8/2004, Pierangelo Masarati wrote:
> >ACL problem? What about the access anonymous has to both entries
> >userPassword? You can check it by adding 128 to your log level.
> >
> >p.
> >
> >>
> >> --On Friday, October 08, 2004 09:19:31 AM +0200 Pierangelo Masarati
> >> <ando@sys-net.it> wrote:
> >>  >
> >>> Rob,
> >>>
> >>> "Invalid credentials" is a catchall for almost any error during bind,
> >> to
> >>> avoid disclosing sensitive info (e.g. the user does not exist, or
> >> other
> >>> details about the account) to malicious clients. I suggest you look
> >> at
> >>> server logs at a reasonable level (at worst, -d -1; -d 256 (STATS) or
> >> -d
> >>> 384 (STATS+ACL) should be a good starting point) to find out more
> >> about
> >>> the real reason of your failure.
> >>>
> >>> You don't say what versions of server and client you're using, so
> >> further
> >>> advise is not possible.
> >>>
> >>> p.
> >>>
> >>> --
> >>> Pierangelo Masarati
> >>> mailto:pierangelo.masarati@sys-net.it
> >>>
> >>>
> >>>
> >>>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
> >> +390382476497
> >>>
> >>>
> >>
> >> Pierangelo,
> >>  Also, here is the antry for the DN that can't successfully bind (yes,
> >> I did replace the password a
> >> string of Xs -- other than that, this is the unmodified output from
> >> ldapsearch):
> >>
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <o=linfield.edu> with scope sub
> >> # filter: cn=postfix
> >> # requesting: ALL
> >> #
> >>
> >> # Postfix, Special Users, linfield.edu
> >> dn: cn=Postfix,ou=Special Users,o=linfield.edu
> >> objectClass: top
> >> objectClass: linfieldSpecialUser
> >> cn: Postfix
> >> ou: Special Users
> >> userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
> >>
> >> # search result
> >> search: 2
> >> result: 0 Success
> >>
> >> # numResponses: 2
> >> # numEntries: 1
> >>
> >>
> >> Thanks,
> >> Rob
> >>
> >> --
> >> Rob Tanner
> >> UNIX Services Manager
> >> Linfield College, McMinnville OR
> >>
> >
> >
> >--
> >Pierangelo Masarati
> >mailto:pierangelo.masarati@sys-net.it
> >
> >
> >    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
>
>

--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

References:
- I'm have a problem w/userPasswords and binding
  - From: Rob Tanner <rtanner@linfield.edu>
- Re: I'm have a problem w/userPasswords and binding
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: I'm have a problem w/userPasswords and binding
  - From: Rob Tanner <rtanner@linfield.edu>
- Re: I'm have a problem w/userPasswords and binding
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: I'm have a problem w/userPasswords and binding
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: I'm have a problem w/userPasswords and binding
Next by Date: Re: I'm have a problem w/userPasswords and binding
Index(es):
- Chronological
- Thread